#2993 closed defect (duplicate)
swr ssse3: invalid read with forced mp3adu
| Reported by: | ami_stuff | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | swresample |
| Version: | git-master | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
http://www.datafilehost.com/d/ba6d93f1
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-93439e8/ffmpeg_g -acodec mp3adu -i v/vc1.wmv -loglevel 0 -vn -f null - ==13106== Memcheck, a memory error detector ==13106== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==13106== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==13106== Command: ffmpeg-HEAD-93439e8/ffmpeg_g -acodec mp3adu -i v/vc1.wmv -loglevel 0 -vn -f null - ==13106== ==13106== Invalid read of size 8 ==13106== at 0x881EE47: swri_resample_int16_ssse3 (resample_template.c:122) ==13106== by 0x881F61F: multiple_resample (resample.c:321) ==13106== by 0x8816544: resample (swresample.c:569) ==13106== by 0xB2005BF: ??? ==13106== Address 0xb1fe1fa is 762 bytes inside a block of size 768 alloc'd ==13106== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==13106== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==13106== by 0x8870187: av_malloc (mem.c:93) ==13106== by 0x8862908: av_buffer_alloc (buffer.c:70) ==13106== by 0x8863138: av_buffer_pool_get (buffer.c:305) ==13106== by 0x86765E0: audio_get_buffer (utils.c:541) ==13106== by 0x8678160: get_buffer_internal (utils.c:877) ==13106== by 0x86786F3: ff_get_buffer (utils.c:889) ==13106== by 0x85683B8: mp_decode_frame (mpegaudiodec.c:1633) ==13106== by 0x85687B3: decode_frame_adu (mpegaudiodec.c:1783) ==13106== by 0x867AA04: avcodec_decode_audio4 (utils.c:2137) ==13106== by 0x80B5629: decode_audio (ffmpeg.c:1526) ==13106== ==13106== ==13106== HEAP SUMMARY: ==13106== in use at exit: 0 bytes in 0 blocks ==13106== total heap usage: 113,668 allocs, 113,668 frees, 72,354,488 bytes allocated ==13106== ==13106== All heap blocks were freed -- no leaks are possible ==13106== ==13106== For counts of detected and suppressed errors, rerun with: -v ==13106== ERROR SUMMARY: 8 errors from 1 contexts (suppressed: 59 from 6)
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-93439e8/ffmpeg_g -cpuflags -ssse3 -acodec mp3adu -i v/vc1.wmv -loglevel 0 -vn -f null - ==18846== Memcheck, a memory error detector ==18846== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==18846== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==18846== Command: ffmpeg-HEAD-93439e8/ffmpeg_g -cpuflags -ssse3 -acodec mp3adu -i v/vc1.wmv -loglevel 0 -vn -f null - ==18846== ==18846== ==18846== HEAP SUMMARY: ==18846== in use at exit: 0 bytes in 0 blocks ==18846== total heap usage: 113,669 allocs, 113,669 frees, 72,354,512 bytes allocated ==18846== ==18846== All heap blocks were freed -- no leaks are possible ==18846== ==18846== For counts of detected and suppressed errors, rerun with: -v ==18846== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 59 from 6)
Change History (7)
follow-up: 2 comment:1 by , 11 years ago
comment:2 by , 11 years ago
Replying to cehoyos:
Does this crash on Windows (or another OS)?
It crashes randomly on windows (currently can't reproduce under gdb).
comment:3 by , 11 years ago
| Component: | undetermined → swresample |
|---|---|
| Reproduced by developer: | set |
| Status: | new → open |
| Version: | unspecified → git-master |
The invalid read is reproducible, I don't know if it can be triggered easily.
comment:4 by , 11 years ago
I was able to prepare a file to reproduce this.
http://www1.datafilehost.com/d/ad6be63f
knoppix@Microknoppix:/media/sdb1$ valgrind --leak-check=full ffmpeg-HEAD-5dc6c0e/ffmpeg_g -i ./out.mov -loglevel 0 -f null - ==6738== Memcheck, a memory error detector ==6738== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==6738== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==6738== Command: ffmpeg-HEAD-5dc6c0e/ffmpeg_g -i ./out.mov -loglevel 0 -f null - ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0x437C69F: ??? ==6738== Address 0x4305b1c is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0x456D15F: ??? ==6738== Address 0x449045c is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xABF4DFF: ??? ==6738== Address 0xab84c9c is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xAC6969F: ??? ==6738== Address 0xab84c9c is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xAF0FABF: ??? ==6738== Address 0xae8c93c is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xB162FFF: ??? ==6738== Address 0xb10ce9c is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xB4CB01F: ??? ==6738== Address 0xb4477fc is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xB6E83BF: ??? ==6738== Address 0xb635f3c is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xB8249FF: ??? ==6738== Address 0xb7b17bc is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xB9F1FBF: ??? ==6738== Address 0xb9e6d9c is 2,300 bytes inside a block of size 2,304 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== Invalid read of size 8 ==6738== at 0x8824807: swri_resample_int16_ssse3 (resample_template.c:122) ==6738== by 0x8824FDF: multiple_resample (resample.c:321) ==6738== by 0x881BF04: resample (swresample.c:569) ==6738== by 0xBB3025F: ??? ==6738== Address 0xbaaabdc is 764 bytes inside a block of size 768 alloc'd ==6738== at 0x40268A4: memalign (vg_replace_malloc.c:694) ==6738== by 0x402695E: posix_memalign (vg_replace_malloc.c:835) ==6738== by 0x8875B97: av_malloc (mem.c:93) ==6738== by 0x88682F8: av_buffer_alloc (buffer.c:70) ==6738== by 0x8868B28: av_buffer_pool_get (buffer.c:305) ==6738== by 0x8677CD0: audio_get_buffer (utils.c:540) ==6738== by 0x8679850: get_buffer_internal (utils.c:876) ==6738== by 0x8679DE3: ff_get_buffer (utils.c:888) ==6738== by 0x8569A78: mp_decode_frame (mpegaudiodec.c:1633) ==6738== by 0x856A050: decode_frame (mpegaudiodec.c:1709) ==6738== by 0x867C0F4: avcodec_decode_audio4 (utils.c:2136) ==6738== by 0x80B5859: decode_audio (ffmpeg.c:1526) ==6738== ==6738== ==6738== HEAP SUMMARY: ==6738== in use at exit: 0 bytes in 0 blocks ==6738== total heap usage: 50,508 allocs, 50,508 frees, 19,762,456 bytes allocated ==6738== ==6738== All heap blocks were freed -- no leaks are possible ==6738== ==6738== For counts of detected and suppressed errors, rerun with: -v ==6738== ERROR SUMMARY: 136 errors from 11 contexts (suppressed: 59 from 6) knoppix@Microknoppix:/media/sdb1$
comment:5 by , 11 years ago
I can reproduce the invalid reads with valgrind (both 32- and 64bit), no crash here on Windows.
comment:6 by , 11 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | open → closed |
Seems fixed and i suspect this was a duplicate of Ticket #3193
comment:7 by , 11 years ago
Or rather #3193 was a duplicate of this ticket which both Ubitux and I missed...
Note:
See TracTickets
for help on using tickets.
Does this crash on Windows (or another OS)?